All Products
Search

This Product

    Elastic Container Instance:Use tcpdump to capture packets and analyze network issues

    Document Center

    Elastic Container Instance:Use tcpdump to capture packets and analyze network issues

    Last Updated:Oct 15, 2024

    Elastic Container Instance allows you to enable the tcpdump feature with a few clicks to capture and parse network packets. This helps you monitor and analyze network traffic. This topic describes how to enable the tcpdump feature to capture network packets and identify and analyze issues when network exceptions occur in containers.

    Background information

    When a network exception occurs in a container, you may need to capture network packets to identify and analyze the issue. However, the system may encounter the following issues when the system tries to capture network packets:

    • The system may not be able to use the exec command to enter the container because the container may not be in the running state when network exceptions occur.

    • The tcpdump tool may not be pre-installed in the root file system (rootfs) of the container. The system cannot use the tcpdump feature to capture packets.

    Elastic Container Instance allows you to easily enable the tcpdump feature to resolve the preceding issues. The following figure shows the logic of the tcpdump feature.

    tcpdump

    Limits

    You cannot use the tcpdump feature in the following regions: China (Ulanqab), China (Heyuan), China (Guangzhou), China (Nanjing - Local Region), Philippines (Manila), Korea (Seoul), Thailand (Bangkok), and Malaysia (Kuala Lumpur).

    Procedure

    You can use the tcpdump feature in the Elastic Container Instance console or by calling an API operation.

    Use the Elastic Container Instance console

    1. Log on to the Elastic Container Instance console.

    2. Enable tcpdump for an elastic container instance.

      1. In the left-side navigation pane, click Container Group. On the Container Group page, click the ID of the instance for which you want to enable the tcpdump feature to go to the instance details page.

      2. On the O&M tab, click the Tcpdump tab.

      3. Click Enable.

      4. In the Enable Tcpdump dialog box, configure parameters based on your requirements and then click OK.

        The following table describes the parameters.

        Parameter

        Description

        Source

        You can specify a source IP address or CIDR block for the packet capture. You can also specify a source port for the packet capture.

        Destination

        You can specify a destination IP address or CIDR block for the packet capture. You can also specify a destination port for the packet capture.

        ENI

        The Elastic Network Interface (ENI) on which you want to capture packets.

        Packet

        • Size: the packet length to be captured. Default value: 65535. Unit: bytes.

        • Quantity: the number of packets to be captured.

        • Duration: the duration of the packet capture. Unit: seconds.

        Network Protocol

        The network protocol that you use to capture packets. TCP, UDP, and ICMPv4 are supported.

        After you enable the tcpdump feature, the system starts to capture packets and generates an O&M task that is in the Running state.

    3. Debug the elastic container instance based on your business requirements and then disable tcpdump.

      After you disable the tcpdump feature, the system stops capturing packets, generates a packet file, and stores the packet file in an Object Storage Service (OSS) bucket. The following table describes how to disable the tcpdump feature.

      Disable mode

      Description

      Manually

      On the Tcpdump tab of the instance, click Disable.

      Automatically

      If you specified parameters, such as Size, Quantity, and Duration, to specify the size and duration of the packet capture when you enabled the tcpdump feature, the system automatically disables the feature when one of the conditions is met.

    4. Click Download in the Result column corresponding to the O&M task to download the packet file to your on-premises computer.

      Note

      If the system does not respond, check the website permission settings of your browser. For more information, see the FAQ section of this topic.

    OpenAPI

    1. Call the CreateInstanceOpsTask operation to enable the tcpdump feature for the elastic container instance.

      You must specify the following parameters to enable the tcpdump feature:

      • ContainerGroupId: the ID of the elastic container instance for which you want to enable the tcpdump feature.

      • OpsType: Set this parameter to tcpdump.

      • OpsValue: Set this parameter to {"Enable":true}.

        Note

        OpsValue is a collection of parameters for a tcpdump O&M task. The values of OpsValue are JSON-formatted strings. You can specify parameters, such as Source, Destination, ENI, and Packet, based on your business requirements. For more information about OpsValue, see CreateInstanceOpsTask.

    2. Debug the elastic container instance based on your business requirements and then disable the tcpdump feature.

      After you disable the tcpdump feature, the system stops capturing packets, generates a packet file, and stores the packet file in an OSS bucket. The following table describes how to disable the tcpdump feature.

      Disable mode

      Description

      Manually

      If you want to call the CreateInstanceOpsTask operation to disable the tcpdump feature, you must specify the following parameters:

      • ContainerGroupId: the ID of the elastic container instance for which you want to disable the tcpdump feature.

      • OpsType: Set this parameter to tcpdump.

      • OpsValue: Set this parameter to {"Enable":false}.

      Automatically

      If you specified parameters, such as Snaplen, Duration, PacketNum, and FileSize, in OpsValue to specify the size and duration of the packet capture when you enabled the tcpdump feature, the system automatically disables the feature when one of the conditions is met.

    3. Download the packet file.

      1. Call the DescribeInstanceOpsRecords operation to obtain the URL that points to the packet file from the ResultContent response parameter.

        The packet file is stored in an OSS bucket. Example URL: http://eci-ops-files-cn-beijing.oss-cn-beijing.aliyuncs.com/pcaps/1609****/eci-2ze6n7kqdici********-eth0-****.pcap?Expires=****&OSSAccessKeyId=****&Signature=****&security-token=****.

      2. Click the URL to download the packet file to your on-premises computer.

    FAQ

    What do I do when the system does not respond after I enable tcpdump in the Elastic Container Instance console and click Download in the Result column of the O&M task?

    If the system does not respond after you enable the tcpdump feature in the Elastic Container Instance console and click Download in the Result column of the O&M task, check the website permission settings of your browser. For example, if you use Google Chrome, you can use the following method to allow the download:

    1. In the Elastic Container Instance console, click the 浏览器图标 icon in the address bar of your browser and then select Site settings. 浏览器设置1

    2. Change the settings of the configuration item Insecure content to Allow. 浏览器设置2